# Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)# Date: 2018-07-21# Exploit Author: Nathu Nandwani# Website: http://nandtech.co# CVE: CVE-2015-5996## Description:## The router is vulnerable to a cross-site request forgery attacker. # If an administrator is currently logged in and visits a # remote webpage containing forms existing in the router's firmware, # a request can be forged to modify existing settings or even # set the router to its default state.## These are two examples that can work in the proof of concept: # /goform/SysToolReboot - Reboot the router# /goform/SysToolRestoreSet - Set the router to default settings## Reference: https://www.kb.cert.org/vuls/id/630872

Apache OpenWhisk is prone to a remote code-execution vulnerability.An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.Versions prior to Apache OpenWhisk 1.3.1 are vulnerable.